Information Technology is at the core of today’s enterprises, administrations and economies, and as such it needs to be secure. As our economies become increasingly digital, PAC posits there can be no digital economy without digital trust. For example, IT security is a key enabler for rapidly growing markets, such as XaaS, m-commerce or e-banking. As such modern economies have given rise to more threats and with them IT security has become a crucial factor in business today. The Flame attacks, the Linkedin password affair or the recent French Presidential security breach are just examples that show no one is immune to these threats.
Today’s complex IT systems and business models require a global security approach that is tightly aligned with business interests. But current security implementations are far from global and in fact are fragmented and ungoverned to a large extent.
Companies and governments need a centralised way to make security decision and thus manage the increasing complexity of their IT systems vulnerable to security threats. This could only be achieved with a security governance approach, an approach that is based on an IT SOC. It is now a necessity for large enterprises as well as for smaller companies. Sony can lose billions due to an attack like the PSN ID theft, but a small or medium sized business could go out of business after a similar attack. For example this year a medium sized business located in the gentle rolling hills of Touraine in France, experienced one day a dozen policeman storm its facilities because their computers where used by the Brazilian mafia to do internet forgery. A difficult event to recover from for this SMB, that nearly go out of business because of this.
While an IT SOC could be the answer, they are complex, expensive and cumbersome to manage. As a result only the biggest companies can afford one. At least 20+ people are needed to manage and IT SOC with skills that are in short supply in the market. Not to mention managing data center facilities, high-end software, process engineering etc. The solution for most of the companies is mutualisation and collaboration, very fashionable words these days but critical ones in the security area.
After a survey PAC conducted on IT SOC in Europe we discovered that even the biggest of the European companies where outsourcing parts of their SOC such as Threat Intelligence for example while they were intensively working with their peers on Security Research and Forensics. We also encounter medium sized companies that are outsourcing labour intensive SOC activities such as 24×7 monitoring and alerting. We where also bewildered by other companies that just have a functional SOC during normal working hours, as if criminals and “hacktivist” located in Europe only work until 18:00.
Partially outsourced SOCs are not only a legitimate response to today’s compliance, security and business issues for major multinational companies but also for SMBs. Companies cannot realistically manage all their security threats by themselves. Even if security is too important to be outsourced many companies are already using services like Amazon or Salesforce for business critical services, so why not some security functions as well? Some of the providers offering SOC services manage the security for highly sensitive users such as the British Army or the Olympic games. Using this type of provider along with a strong internal management team is best practice today for SOC services. And thankfully for SMBs and budget constrained large enterprises, many outsourced security services are more affordable than a real IT SOC.
Post by Mathieu Poujol